Privacy Policy

Welcome to Polish Cuisine. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

Polish Cuisine is the data controller responsible for your personal information. For any questions or concerns regarding this Privacy Policy, please contact us at:

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, profile picture (via Google OAuth)
• User-Generated Content: Comments, ratings, reviews on recipes and blog posts
• Shopping Lists: Ingredients you add to your personal shopping list
• Favorites: Recipes you mark as favorites

2.2 Automatically Collected Information

• Session Data: Authentication tokens, session identifiers
• Usage Data: Pages visited, time spent, interactions (with your consent via analytics cookies)
• Device Information: Browser type, operating system, IP address (anonymized)

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Consent (Art. 6(1)(a)): For analytics cookies, marketing cookies, and email communications
• Contract Performance (Art. 6(1)(b)): To provide services you requested (account management, saved content)
• Legitimate Interests (Art. 6(1)(f)): To improve our services, prevent fraud, and ensure security
• Legal Obligation (Art. 6(1)(c)): To comply with applicable laws and regulations

4. How We Use Your Information

• To create and manage your user account
• To enable you to comment on recipes and blog posts
• To save your favorite recipes and shopping lists
• To personalize your experience on our website
• To respond to your inquiries and provide customer support
• To send administrative information (e.g., account updates, security alerts)
• To analyze website usage and improve our services (with consent)
• To detect and prevent fraud, abuse, and security incidents

5. Cookie Policy

We use cookies and similar tracking technologies to enhance your experience. You can manage your cookie preferences at any time using our Cookie Settings.

5.1 Types of Cookies We Use

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

• Service Providers: Google (authentication, analytics), hosting providers (database storage)
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (Google services). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right to Access (Art. 15): Request a copy of your personal data
• Right to Rectification (Art. 16): Correct inaccurate or incomplete data
• Right to Erasure (Art. 17): Request deletion of your data ("Right to be Forgotten")
• Right to Restriction (Art. 18): Limit how we use your data
• Right to Data Portability (Art. 20): Receive your data in a machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for analytics/marketing cookies at any time

8. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy:

• Account Data: Until you delete your account or after 3 years of inactivity
• Comments and Ratings: Retained indefinitely unless you request deletion
• Analytics Data: Anonymized after 26 months (Google Analytics default)
• Session Data: Deleted when you log out or after 30 days

9. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption of data in transit (HTTPS/TLS)
• Secure authentication via Google OAuth 2.0
• Regular security audits and updates
• Access controls and monitoring
• Encrypted database storage

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Children's Privacy

Our service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have questions, concerns, or wish to exercise your rights, please contact us:

13. Supervisory Authority

If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.